By Lawrence Abrams
May 12, 2021
President Biden signed an executive order Wednesday to modernize the country's defenses against cyberattacks and give more timely access to information necessary for law enforcement to conduct investigations.
This executive order follows the numerous cyberattacks targeting US interests this year, including the SolarWinds supply chain attacks in December and the more recent DarkSide ransomware attack against the largest US fuel pipeline, Colonial Pipeline.
The 34-page 'Executive Order on Improving the Nation's Cybersecurity' is designed to modernize the cybersecurity defenses of the federal government's infrastructure, created a standardized incident response playbook, and increase communication between service providers and law enforcement.
In summary, the executive order will direct the government to perform the following actions:
Require IT (information technology) and OT (operational technology) service providers, including cloud hosting providers, to share information about cybersecurity threats and breaches that they become aware of and to remove contractual issues that prevent the sharing of such information.
Modernize the federal government IT services, including moving towards a Zero Trust Architecture, require multi-factor authentication, encryption for data at rest and in transit, and develop strict security guidelines on the use of cloud services.
Improve supply-chain security by developing guidelines, tools, and best practices to audit and assure that critical software is not tampered with by malicious actors in supply-chain attacks. As part of this initiative, the Federal government will create an "energy star" type of program that shows software was developed securely.
Establish a "Cyber Safety Review Board" that includes Federal and private-sector members who will convene after a significant cyber incident to assess the attack, provide recommendations, and share relevant confidential information with law enforcement.
Create a standardized playbook across all government agencies for responding to breaches and cyberattacks.
Improve the detection and remediation of cybersecurity vulnerabilities and breaches on government networks by deploying a centralized Endpoint Detection and Response (EDR) solution and intra-governmental information sharing.
These initiatives will be conducting in rolling phrases ranging between 30 days from the executive order, to in some cases, 360 days.
"This is one of the most detailed and deadline-driven EOs I’ve seen from any administration. In the wake of a seismic attack, like SolarWinds, this is incredibly encouraging to see," Amit Yoran, CEO of Tenable and founding director of US-CERT, shared in a statement to BleepingComputer.
The White House has also released a summarized version of the executive order that provides a good overview of the upcoming changes being made to increase the country's cybersecurity posture.
Related Articles:
Malware attack is preventing car inspections in eight US states
Brown University hit by cyberattack, some systems still offline
City of Tulsa's online services disrupted in ransomware incident
Largest U.S. pipeline shuts down operations after ransomware attack
DarkSide ransomware will now vet targets after pipeline cyberattack
No comments:
Post a Comment